R034. Manage user accounts

This document contains the details of the security requirements related to the definition and management of systems in the organization. This requirement establishes the importance of allowing the system to manage and disable the user accounts through privileged users or system administrators.

Requirement

The system must allow superusers
or system administrators
to disable user accounts.

References

HIPAA Security Rules 164.308(a)(3)(ii)(A):
Authorization and/or supervision (Addressable):
Implement procedures for the authorization and/or supervision
of workforce members who work with electronic protected health information
or in locations where it might be accessed.